Macno
Legendary
Offline
Activity: 984
Merit: 1000
|
|
October 28, 2015, 08:58:06 AM |
|
Thank you for yuor answer.
However why there is so small voices? Shy people or what?
What voices are you talking about?
|
|
|
|
NextGenCrypto
|
|
October 28, 2015, 04:12:38 PM |
|
Can someone tell me how to set it up with Tor?
Here are the full instructions: 1. Start your client. You are welcome. Wow, even I forgot about this until I was looking at the node list on the explorer the other day. Great feature and even though we don't focus on anonymity, we still put a lot of time and effort into security.
|
|
|
|
tx42
|
|
October 28, 2015, 04:18:04 PM |
|
Thank you for yuor answer.
However why there is so small voices? Shy people or what?
It's a no drama coin. There are probably a lot of lurkers.
|
█ █ ██ ███ ███ ████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ ███ ███ ██ █ ██ █ ██ ███ ███ ████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ ███ ███ ██ █ █
|
|
|
NoobKidOnTheBlock
|
|
October 28, 2015, 05:30:34 PM |
|
Thank you for yuor answer.
However why there is so small voices? Shy people or what?
It's a no drama coin. There are probably a lot of lurkers. Ya that's good when there is no drama in a coin lol
|
▇ ▇▇▇ ▇▇▇▇▇ ▇▇▇▇ ▇ ▇▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇▇ | | ... | ............NoobKidOnThe.BLOCK.....
|
|
|
|
|
Colonel Crouton
|
|
October 29, 2015, 06:05:00 AM |
|
Thank you for yuor answer.
However why there is so small voices? Shy people or what?
I'm just a SNRG supporter and lurker with a really small voice.But I see new updates on github..... I'm a lurker too in the slack, but the devs are on fire in there. You can't go by what they post on bitcointalk even though they don't leave you guessing. Join the slack and lurk like me if you don't have time to chat to see what is really going on.
|
Ten-Hut!
|
|
|
Macno
Legendary
Offline
Activity: 984
Merit: 1000
|
|
October 29, 2015, 12:35:51 PM |
|
944 SNRG burned!
|
|
|
|
NextGenCrypto
|
|
October 29, 2015, 04:05:20 PM |
|
944 SNRG burned!
Yessir! Slowly but surely people are starting to notice and join Synergy Cloud. Should have a little update for you guys later today! Check back.
|
|
|
|
NextGenCrypto
|
|
October 29, 2015, 07:21:42 PM Last edit: November 06, 2015, 07:44:35 AM by NextGenCrypto |
|
The following updates to Synergy Cloud will be made at 8:30pm pacific this evening (29-Oct-2015).Enhanced API Key Encryption:This update vastly improves password and API security. According to security best practices, passwords are not stored on our servers (and never were). Instead only the cryptographic fingerprint ("hash") of a password is stored. When a user logs in, the hash of the attempted password is calculated and then compared to what is stored on our server. To discover the password, an attacker can try to hash many different passwords to find those that match hashes stored on our servers. To thwart this type of brute force search, we do not use a simple one-step hash. Instead, our new system stores the a hash of the password using a large number of cycles of a very computationally expensive hash, made more secure with a large 256 bit random salt. To get a sense of how long a 256 bit salt is, an example would be bb5d3f9c0e396c3f8884f24ec43a16a31e6139e4e10d44512c261fc305df427f. These security measures mean that an attacker must have a prohibitive amount of computing resources to "crack" any passwords that may be exposed if our database server, hosted by a third party, is compromised. We use similar technology to protect API keys. We do not store the actual API key on our servers. Instead we store the encrypted version, using AES encryption, which is one of the strongest encryption algorithms available. We also do not store the decryption keys to the encrypted API keys anywhere. When a user logs in, the decryption key is generated dynamically from the user's password, using a key derivation method similar to the method we use to create the password hashes for login. Are the password hashes and API decryption keys the same? No. Just the method to generate them are similar in that they are created using numerous rounds of strong cryptographic hashing with a random salt. The random salts are different. Finally, the salts are stored and the hashing is performed on a server remote from our database server, meaning that even if an attacker recovers the password hashes and encrypted API keys, they will still have to compromise the remote server to learn the hashing algorithm and salts. But, even in the highly unlikely event that they compromise both servers, discovering the hashes, encrypted keys, salts, and hashing algorithms, they will still be stifled by the need to brute force passwords under the burden of our very computationally expensive hashing system. Please Note: Due to the change in the way API keys are being stored, when you log in to your account after the update you will need to re-add the keys from the exchanges you wish to use. To ensure maximum security, please generate and use new keys. Google Two Factor AuthenticationGoogle Two Factor Authentication will be added to the site in order to increase your account security. Please visit your account settings to activate as soon as possible. We encourage ALL users to activate 2FA in order to better protect your account.Automated Calculation and Updating of SNRG Burning Price:The SNRG burn rate will now be updated daily based on market indicators. This will allow us to automatically maintain a consistent rate for using the sites services without having to do daily, manual calculations. This will mark the end of the introductory burn rate of 3 SNRG/day. Enabling of Automated System Email:Automated email functionality has been added in order to allow users to be able to utilize the Password Reset functionality should it be needed. Users will now also be required to confirm their email address prior to using the sites functionality. This will allow us to ensure users will have access to reset their password and additional site functionality that will be added in the future. As always, please feel free to let myself or Grandpa Jones know if you have any questions. We'll be available in the Slack channel tonight during the release to keep an eye on things and make sure the release goes as smoothly as possible for our users. -nextgen
|
|
|
|
tx42
|
|
October 29, 2015, 07:46:03 PM |
|
To thwart this type of brute force search, we do not use a simple one-step hash. Instead, our new system stores the a hash of the password using a large number of cycles of a very computationally expensive hash, made more secure with a large 256 bit random salt. To get a sense of how long a 256 bit salt is, an example would be bb5d3f9c0e396c3f8884f24ec43a16a31e6139e4e10d44512c261fc305df427f. These security measures mean that an attacker must have a prohibitive amount of computing resources to "crack" any passwords that may be exposed if our database server, hosted by a third party, is compromised.
This looks like the right way to do it. Hmmmm....I wonder what hashing algorithm they are using? It looks like they might be using scrypt from their last commits. Or why else make this commit at this time? I hope it's a lot of rounds. https://github.com/Grandpa-Jones/Synergy/commit/df02c93105bc03772e9af58f6b80f6886cfb61e5#diff-31dd861cd0a6a9747cbc540ac1e3bf72R362Value scrypthash(const Array& params, bool fHelp) { if (fHelp || params.size() < 3 || params.size() > 4) throw runtime_error( "scrypthash <message> <salt> <rounds> [force=false]\n" "The <message> and <salt> arguments are strings, <rounds> is an integer.\n" "If [force] is false, then <rounds> bigger than 1024 trigger an error.\n" "Returns hex of the hash sha256(scrypt(sha256(message, salt))).");
|
█ █ ██ ███ ███ ████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ ███ ███ ██ █ ██ █ ██ ███ ███ ████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████ ███ ███ ██ █ █
|
|
|
Grandpa Jones (OP)
|
|
October 29, 2015, 10:37:12 PM |
|
To thwart this type of brute force search, we do not use a simple one-step hash. Instead, our new system stores the a hash of the password using a large number of cycles of a very computationally expensive hash, made more secure with a large 256 bit random salt. To get a sense of how long a 256 bit salt is, an example would be bb5d3f9c0e396c3f8884f24ec43a16a31e6139e4e10d44512c261fc305df427f. These security measures mean that an attacker must have a prohibitive amount of computing resources to "crack" any passwords that may be exposed if our database server, hosted by a third party, is compromised.
This looks like the right way to do it. Hmmmm....I wonder what hashing algorithm they are using? It looks like they might be using scrypt from their last commits. Or why else make this commit at this time? I hope it's a lot of rounds. https://github.com/Grandpa-Jones/Synergy/commit/df02c93105bc03772e9af58f6b80f6886cfb61e5#diff-31dd861cd0a6a9747cbc540ac1e3bf72R362Value scrypthash(const Array& params, bool fHelp) { if (fHelp || params.size() < 3 || params.size() > 4) throw runtime_error( "scrypthash <message> <salt> <rounds> [force=false]\n" "The <message> and <salt> arguments are strings, <rounds> is an integer.\n" "If [force] is false, then <rounds> bigger than 1024 trigger an error.\n" "Returns hex of the hash sha256(scrypt(sha256(message, salt)))."); It is, of course, irrelevant that you or anyone has "discovered" the hashing algorithm we use. The security doesn't depend on an attacker's not knowing the hashing algorithm. It's good to keep as much secret as possible, but real security does not rely on keeping algorithms (or even the salt) secret. It's how you use them that matters. The original implementation of the hashing algo we use was pure C# and was too slow. To make it faster, I used the C++ scrypt implementation already in the wallet code base and made an RPC call from it. We could have re-wrote the C# implementation to make it as fast as the C++ implementation, but there was no need. We have to have a wallet running anyway to do things like burn coins.
|
Synergy Dev Team
|
|
|
Colonel Crouton
|
|
October 30, 2015, 08:38:32 AM |
|
To thwart this type of brute force search, we do not use a simple one-step hash. Instead, our new system stores the a hash of the password using a large number of cycles of a very computationally expensive hash, made more secure with a large 256 bit random salt. To get a sense of how long a 256 bit salt is, an example would be bb5d3f9c0e396c3f8884f24ec43a16a31e6139e4e10d44512c261fc305df427f. These security measures mean that an attacker must have a prohibitive amount of computing resources to "crack" any passwords that may be exposed if our database server, hosted by a third party, is compromised.
This looks like the right way to do it. Hmmmm....I wonder what hashing algorithm they are using? It looks like they might be using scrypt from their last commits. Or why else make this commit at this time? I hope it's a lot of rounds. https://github.com/Grandpa-Jones/Synergy/commit/df02c93105bc03772e9af58f6b80f6886cfb61e5#diff-31dd861cd0a6a9747cbc540ac1e3bf72R362Value scrypthash(const Array& params, bool fHelp) { if (fHelp || params.size() < 3 || params.size() > 4) throw runtime_error( "scrypthash <message> <salt> <rounds> [force=false]\n" "The <message> and <salt> arguments are strings, <rounds> is an integer.\n" "If [force] is false, then <rounds> bigger than 1024 trigger an error.\n" "Returns hex of the hash sha256(scrypt(sha256(message, salt)))."); It is, of course, irrelevant that you or anyone has "discovered" the hashing algorithm we use. The security doesn't depend on an attacker's not knowing the hashing algorithm. It's good to keep as much secret as possible, but real security does not rely on keeping algorithms (or even the salt) secret. It's how you use them that matters. The original implementation of the hashing algo we use was pure C# and was too slow. To make it faster, I used the C++ scrypt implementation already in the wallet code base and made an RPC call from it. We could have re-wrote the C# implementation to make it as fast as the C++ implementation, but there was no need. We have to have a wallet running anyway to do things like burn coins. As usual, I have no idea what you are talking about, but it sounds great. Keep it up Grandpa!
|
Ten-Hut!
|
|
|
Colonel Crouton
|
|
October 30, 2015, 08:41:04 AM |
|
The following updates to Synergy Cloud will be made at 8:30pm pacific this evening (29-Oct-2015).Enhanced API Key Encryption:This update vastly improves password and API security. According to security best practices, passwords are not stored on our servers (and never were). Instead only the cryptographic fingerprint ("hash") of a password is stored. When a user logs in, the hash of the attempted password is calculated and then compared to what is stored on our server. To discover the password, an attacker can try to hash many different passwords to find those that match hashes stored on our servers. To thwart this type of brute force search, we do not use a simple one-step hash. Instead, our new system stores the a hash of the password using a large number of cycles of a very computationally expensive hash, made more secure with a large 256 bit random salt. To get a sense of how long a 256 bit salt is, an example would be bb5d3f9c0e396c3f8884f24ec43a16a31e6139e4e10d44512c261fc305df427f. These security measures mean that an attacker must have a prohibitive amount of computing resources to "crack" any passwords that may be exposed if our database server, hosted by a third party, is compromised. We use similar technology to protect API keys. We do not store the actual API key on our servers. Instead we store the encrypted version, using AES encryption, which is one of the strongest encryption algorithms available. We also do not store the decryption keys to the encrypted API keys anywhere. When a user logs in, the decryption key is generated dynamically from the user's password, using a key derivation method similar to the method we use to create the password hashes for login. Are the password hashes and API decryption keys the same? No. Just the method to generate them are similar in that they are created using numerous rounds of strong cryptographic hashing with a random salt. The random salts are different. Finally, the salts are stored and the hashing is performed on a server remote from our database server, meaning that even if an attacker recovers the password hashes and encrypted API keys, they will still have to compromise the remote server to learn the hashing algorithm and salts. But, even in the highly unlikely event that they compromise both servers, discovering the hashes, encrypted keys, salts, and hashing algorithms, they will still be stifled by the need to brute force passwords under the burden of our very computationally expensive hashing system. Please Note: Due to the change in the way API keys are being stored, when you log in to your account after the update you will need to re-add the keys from the exchanges you wish to use. To ensure maximum security, please generate and use new keys. Google Two Factor AuthenticationGoogle Two Factor Authentication will be added to the site in order to increase your account security. Please visit your account settings to activate as soon as possible. We encourage ALL users to activate 2FA in order to better protect your account.Automated Calculation and Updating of SNRG Burning Price:The SNRG burn rate will now be updated daily based on market indicators. This will allow us to automatically maintain a consistent rate for using the sites services without having to do daily, manual calculations. This will mark the end of the introductory burn rate of 3 SNRG/day. Enabling of Automated System Email:Automated email functionality has been added in order to allow users to be able to utilize the Password Reset functionality should it be needed. Users will now also be required to confirm their email address prior to using the sites functionality. This will allow us to ensure users will have access to reset their password and additional site functionality that will be added in the future. As always, please feel free to let myself or Grandpa Jones know if you have any questions. We'll be available in the Slack channel tonight during the release to keep an eye on things and make sure the release goes as smoothly as possible for our users. -nextgen An update--I didn't expect this today!
|
Ten-Hut!
|
|
|
bluehorseshoe
|
|
November 02, 2015, 03:28:01 PM |
|
My wallet doesn't look like it's syncing up and I sent coins to it 10/28 and they still aren't there. I have three connections currently.
Is there a new wallet since I downloaded this one last week or something else I need to do.
Any help would be greatly appreciated,
Brett
|
|
|
|
Digital_Currency_LTD
|
|
November 02, 2015, 03:31:27 PM |
|
My wallet doesn't look like it's syncing up and I sent coins to it 10/28 and they still aren't there. I have three connections currently.
Is there a new wallet since I downloaded this one last week or something else I need to do.
Any help would be greatly appreciated,
Brett
No new releases. I think you must restart your wallet or PC.
|
|
|
|
donnyespo
|
|
November 02, 2015, 03:39:20 PM |
|
I have been trying out the bot for a good week or so now.. I do notice at time my dust orders get an error, other than that pretty smooth. Any plans to try and implement arb function?
|
|
|
|
NextGenCrypto
|
|
November 02, 2015, 06:34:58 PM |
|
My wallet doesn't look like it's syncing up and I sent coins to it 10/28 and they still aren't there. I have three connections currently.
Is there a new wallet since I downloaded this one last week or something else I need to do.
Any help would be greatly appreciated,
Brett
Hey Brett, Can you confirm the number of blocks in your debug console matches what is in the explorer? https://chainz.cryptoid.info/snrg/If you want to join Slack I can help you out in real time: http://www.synergycoin.com/wp-login.php?action=slack-invitation-nextgen
|
|
|
|
Macno
Legendary
Offline
Activity: 984
Merit: 1000
|
|
November 02, 2015, 08:58:31 PM |
|
Any plans to try and implement arb function?
Would be interested as well on what the plan is for that function.
|
|
|
|
NextGenCrypto
|
|
November 02, 2015, 09:15:46 PM |
|
Any plans to try and implement arb function?
Would be interested as well on what the plan is for that function. This is something that has been requested by a couple users, however, I personally feel some of the items we have on our list would be more utilized by the community. I will not implement a manual arb functio,n so if we're going to do it, it needs to be done right which would take a decent amount of resources. Definitely something we'll discuss, but at this point we have no solid plans or timeline.
|
|
|
|
Grandpa Jones (OP)
|
|
November 02, 2015, 11:44:13 PM |
|
Wallets have been updated with the latest logo and colors. Update to the new look today!
|
Synergy Dev Team
|
|
|
Macno
Legendary
Offline
Activity: 984
Merit: 1000
|
|
November 03, 2015, 01:21:03 AM |
|
This is something that has been requested by a couple users, however, I personally feel some of the items we have on our list would be more utilized by the community.
"Some of the items"? Come on, tease us
|
|
|
|
|